Facebook warns 1 million users about stolen usernames, passwords

Meta Platforms said it would inform about 1 million Facebook users that their account information may have been compromised due to security vulnerabilities with apps downloaded from Apple’s and Alphabet’s software stores.

The company announced Friday that it has identified more than 400 malicious Android and iOS apps this year that target internet users to steal their login credentials. Meta said it has notified both Apple and Google about the issue to facilitate the removal of the apps.

The apps worked by disguising themselves as photo editors, mobile games or health trackers, Facebook said.

Apple said 45 of the 400 problematic apps were on the App Store and have been removed. Google has removed all malicious apps in question, a spokesperson said.

“Cybercriminals know how popular these kinds of apps are and they will use similar themes to trick people into stealing their accounts and information,” said David Agranovich, director of Global Threat Disruption at Meta. “If an app promises something that’s too good to be true, like unreleased features for another platform or social media site, there’s a good chance it has ulterior motives.”

In a typical scam, a user would download one of the malicious apps. The app would require a Facebook login to go beyond basic functionality, tricking the user into providing their username and password. The user could then, for example, upload an edited photo to their Facebook account. But in the process, they would unknowingly compromise their account by giving the author of the app access.

Meta said it would share tips with potential victims on how to avoid being “compromised again” by learning how to better identify problematic apps that steal credentials, be it for Facebook or other accounts.

The malicious activity took place outside of Meta's systems, Agranovich said, adding that not all 1 million people had necessarily had their passwords compromised.

This story was originally published on bloomberg.com. Read it here.
